Solana
PassAudited by ClawScan on May 1, 2026.
Overview
The skill appears to be a coherent, read-only Solana blockchain lookup tool, with expected external calls to Solana RPC and CoinGecko.
This looks safe for read-only Solana lookups. Before installing, understand that your queried public wallet addresses, token mints, and transaction signatures may be sent to Solana RPC providers and CoinGecko; use a trusted private RPC or --no-prices if that matters.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill may not work on systems without Python even though the registry requirements do not warn about it.
The skill relies on python3 to run its helper script, while the registry requirements list no required binaries. This is an under-declared but purpose-aligned runtime dependency.
python3 --version ... python3 ~/.hermes/skills/blockchain/solana/scripts/solana_client.py stats
Declare python3 as a required binary so users and installers have accurate setup expectations.
External RPC or pricing services can observe which public Solana addresses, tokens, or transactions are being queried.
The skill discloses that it sends lookup requests to external providers. This is expected for Solana and price queries, but wallet addresses, token mints, and transaction signatures queried by the user may be visible to those providers.
Uses Solana RPC + CoinGecko. No API key required.
For sensitive research, use a trusted private RPC endpoint via SOLANA_RPC_URL and consider using --no-prices to avoid CoinGecko lookups.